Bump to 1.8.10

Bumps [tar-fs](https://github.com/mafintosh/tar-fs) from 1.15.3 to 1.16.2.
- [Release notes](https://github.com/mafintosh/tar-fs/releases)
- [Commits](https://github.com/mafintosh/tar-fs/compare/v1.15.3...v1.16.2)

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

.gitignore

@@ -13,3 +13,4 @@
 /test/sample
 !/test/sample/bower.json
 /npm-shrinkwrap.json
+package-lock.json

CONTRIBUTING.md

@@ -1,6 +1,6 @@
 # Contributing to Bower
 
-Bower is a large community project with many different developers contributing at all levels to the project. We're **actively** looking for more contributors right now. If you're interested in becoming a Bower maintainer or supporting in any way, please fill the following form: http://goo.gl/forms/P1ndzCNoiG. There is more information about [contributing](https://github.com/bower/bower/wiki/Contributor-Guidelines) in the Wiki.
+Bower is a large community project with many different developers contributing at all levels to the project. There is more information about [contributing](https://github.com/bower/bower/wiki/Contributor-Guidelines) in the Wiki.
 
 <a name="bugs"></a>
 ## 🐛 [Bug reports](https://github.com/bower/bower/wiki/Report-a-Bug)
@@ -16,12 +16,6 @@ Bower is a large community project with many different developers contributing a
   * Read [Architecture doc](https://github.com/bower/bower/wiki/Rewrite-architecture)
   * Triage, close, fix and resolve [issues](https://github.com/bower/bower/issues)
 
-## Team Meetings
-
-We communicate through a channel on Discord https://discord.gg/0fFM7QF0KpZRh2cY 
-
-If you'd like to attend the meetings, please fill the [support form](http://goo.gl/forms/P1ndzCNoiG), and you'll get an invite.
-
 ## Using the issue tracker
 
 The issue tracker is the preferred channel for [bug reports](#bugs),
@@ -29,12 +23,9 @@ The issue tracker is the preferred channel for [bug reports](#bugs),
 requests](#pull-requests), but please respect the following restrictions:
 
 * Please **do not** use the issue tracker for personal support requests. Use
-  [Stack Overflow](http://stackoverflow.com/questions/tagged/bower),
-  [Discord Channel](https://discordapp.com/channels/119103197720739842/123728452816732160),
-  [Mailing List](http://groups.google.com/group/twitter-bower),
-  (twitter-bower@googlegroups.com), or
-  [#bower](http://webchat.freenode.net/?channels=bower) on Freenode.
-
+  [Stack Overflow](http://stackoverflow.com/questions/tagged/bower), or in serious cases
+  send an e-mail to team@bower.io
+  
 * Please **do not** derail or troll issues. Keep the discussion on topic and
   respect the opinions of others.
 

package.json

@@ -1,6 +1,7 @@
 {
+  "private": true,
   "name": "bower",
-  "version": "1.8.8",
+  "version": "1.8.10",
   "description": "The browser package manager",
   "author": "Twitter",
   "license": "MIT",
@@ -17,9 +18,9 @@
   "dependencies": {
     "abbrev": "^1.0.5",
     "archy": "1.0.0",
-    "bower-config": "^1.4.2",
+    "bower-config": "^1.4.3",
     "bower-endpoint-parser": "^0.2.2",
-    "bower-json": "^0.8.1",
+    "bower-json": "^0.8.4",
     "bower-logger": "^0.2.2",
     "bower-registry-client": "^1.0.0",
     "cardinal": "0.4.4",
@@ -35,7 +36,7 @@
     "github": "^0.2.3",
     "glob": "^4.3.2",
     "graceful-fs": "^4.1.3",
-    "handlebars": "^4.0.5",
+    "handlebars": "^4.5.3",
     "inquirer": "0.10.0",
     "is-root": "^1.0.0",
     "junk": "^1.0.0",
@@ -73,7 +74,7 @@
     "husky": "^0.14.3",
     "in-publish": "^2.0.0",
     "lint-staged": "^9.5.0",
-    "mocha": "^2.5.3",
+    "mocha": "^3.5.3",
     "multiline": "^1.0.2",
     "nock": "^11.7.0",
     "nock-legacy": "npm:nock@9.2.3",
@@ -98,5 +99,10 @@
   "files": [
     "bin",
     "lib"
-  ]
+  ],
+  "resolutions": {
+    "deep-extend": "0.5.1",
+    "minimist": "0.2.1"
+  },
+  "workspaces": ["packages/*"]
 }

packages/bower-config/CHANGELOG.md

@@ -2,6 +2,10 @@
 
 ## 1.4.2
 
+- Prevent errors when expanded env variable does not exist
+
+## 1.4.2
+
 - Update minimist to 0.2.1 to fix security issue
 
 ## 1.4.0

packages/bower-config/lib/util/expand.js

@@ -33,9 +33,7 @@ function doEnvReplaceStr(f) {
         esc = esc.length && esc.length % 2;
         if (esc) return orig;
         if (undefined === process.env[name]) {
-            throw new Error(
-                'Environment variable used in .bowerrc is not defined: ' + orig
-            );
+            return '${' + name + '}';
         }
 
         return process.env[name];

packages/bower-config/package.json

@@ -1,6 +1,6 @@
 {
   "name": "bower-config",
-  "version": "1.4.2",
+  "version": "1.4.3",
   "description": "The Bower config reader and writer.",
   "author": "Twitter",
   "license": "MIT",
@@ -22,7 +22,7 @@
     "expect.js": "^0.3.1",
     "glob": "^4.5.3",
     "mkdirp": "^0.5.0",
-    "mocha": "^2.5.3",
+    "mocha": "^3.5.3",
     "node-uuid": "^1.4.3",
     "q": "^1.2.0",
     "rimraf": "^2.3.2"

packages/bower-endpoint-parser/package.json

@@ -16,7 +16,7 @@
   },
   "devDependencies": {
     "expect.js": "~0.2.0",
-    "mocha": "^2.5.3",
+    "mocha": "^3.5.3",
     "mout": "~0.9.0"
   },
   "scripts": {

packages/bower-json/CHANGELOG.md

@@ -1,3 +1,15 @@
+# 0.8.4
+
+- Update deep-extend (security fix)
+
+# 0.8.3
+
+- Fix requires
+
+# 0.8.2
+
+- Drop dependency on meow (vendor ext-name)
+
 # 0.8.1
 
 - Revert strict name validations and allow @, spaces and slashes

packages/bower-json/lib/util/isAsset.js

@@ -1,4 +1,4 @@
-var extName = require('ext-name');
+var extName = require('../vendor/ext-name');
 
 function isAsset(filename) {
     var info = extName(filename);

packages/bower-json/package.json

@@ -1,6 +1,6 @@
 {
   "name": "bower-json",
-  "version": "0.8.1",
+  "version": "0.8.4",
   "description": "Read bower.json files with semantics, normalisation, defaults and validation",
   "author": "Twitter",
   "license": "MIT",
@@ -10,7 +10,7 @@
     "node": ">=0.10.0"
   },
   "dependencies": {
-    "deep-extend": "^0.4.0",
+    "deep-extend": "^0.5.1",
     "ends-with": "^0.2.0",
     "ext-list": "^2.0.0",
     "sort-keys-length": "^1.0.0",
@@ -19,7 +19,7 @@
   },
   "devDependencies": {
     "expect.js": "^0.3.1",
-    "mocha": "^2.5.3",
+    "mocha": "^3.5.3",
     "request": "^2.64.0",
     "underscore.string": "^3.0.3"
   },

packages/bower-logger/package.json

@@ -16,7 +16,7 @@
   },
   "devDependencies": {
     "expect.js": "~0.2.0",
-    "mocha": "^2.5.3"
+    "mocha": "^3.5.3"
   },
   "scripts": {
     "test": "mocha -R spec"

packages/bower-registry-client/package.json

@@ -21,7 +21,7 @@
   "devDependencies": {
     "bower-config": "^1.1.2",
     "expect.js": "~0.2.0",
-    "mocha": "^2.5.3",
+    "mocha": "^3.5.3",
     "nock": "9.2.3"
   },
   "scripts": {

publish.js

@@ -5,25 +5,9 @@ var path = require('path');
 var childProcess = require('child_process');
 var arraydiff = require('arr-diff');
 var wrench = require('wrench');
-var inquirer = require('inquirer');
-
-var npmVersion = JSON.parse(
-    childProcess.execSync('npm version --json').toString()
-).npm.split('.');
-var npmMajor = parseInt(npmVersion[0], 10);
-var npmMinor = parseInt(npmVersion[1], 10);
 
 var jsonPackage = require('./package');
 
-if (npmMajor !== 3 || npmMinor < 5) {
-    console.log('You need to use at npm@3.5 to publish bower.');
-    console.log(
-        'It is because npm 2.x produces too long paths that Windows does not handle and newer npm drops lib/node_modules'
-    );
-    console.log('Please upgrade it: npm install -g npm@3');
-    process.exit(1);
-}
-
 if (
     childProcess
         .execSync('git rev-parse --abbrev-ref HEAD')
@@ -35,18 +19,12 @@ if (
     process.exit(1);
 }
 
-if (process.env.SKIP_TESTS !== '1') {
-    console.log('Reinstalling dependencies...');
-    childProcess.execSync('rm -rf node_modules && yarn', {
-        stdio: [0, 1, 2]
-    });
-
-    console.log('Running test suite...');
-    childProcess.execSync('yarn test', { stdio: [0, 1, 2] });
-}
-
 var dir = tmp.dirSync().name;
 
+
+console.log('\nInstalling production bundle in:');
+console.log(dir + '\n');
+
 wrench.copyDirSyncRecursive(__dirname, dir, {
     forceDelete: true,
     include: function(path) {
@@ -54,28 +32,30 @@ wrench.copyDirSyncRecursive(__dirname, dir, {
     }
 });
 
+delete jsonPackage.scripts;
+fs.writeFileSync(
+    path.resolve(dir, 'package.json'),
+    JSON.stringify(jsonPackage, null, '  ') + '\n'
+);
+
 console.log('Installing production dependencies...');
-childProcess.execSync('yarn --production', {
+childProcess.execSync('yarn --production -s', {
     cwd: dir,
     stdio: [0, 1, 2]
 });
 
+delete jsonPackage.private;
+jsonPackage.bundledDependencies = Object.keys(jsonPackage.dependencies)
 delete jsonPackage.dependencies;
 delete jsonPackage.devDependencies;
-delete jsonPackage.scripts;
+
 
 fs.writeFileSync(
     path.resolve(dir, 'package.json'),
     JSON.stringify(jsonPackage, null, '  ') + '\n'
 );
 
-console.log('Moving node_modules to lib directory...');
-
-wrench.copyDirSyncRecursive(
-    path.resolve(dir, 'node_modules'),
-    path.resolve(dir, 'lib', 'node_modules')
-);
-wrench.rmdirSyncRecursive(path.resolve(dir, 'node_modules'));
+fs.writeFileSync(path.resolve(dir, '.npmignore'), '');
 
 console.log('Testing bower on sample project...');
 
@@ -106,61 +86,9 @@ if (installedDiff.length > 0) {
     process.exit(1);
 }
 
-console.log('\nBower production bundle installed in:');
-console.log(dir + '\n');
-
-var questions = [
-    {
-        type: 'confirm',
-        name: 'review',
-        message: 'Did you review all the changes with "git diff"?',
-        default: false
-    },
-    {
-        type: 'confirm',
-        name: 'tests',
-        message: 'Are you sure all tests are passing on CI?',
-        default: false
-    },
-    {
-        type: 'confirm',
-        name: 'publish',
-        message:
-            'Are you SURE you want to publish ' +
-            jsonPackage.name +
-            '@' +
-            jsonPackage.version +
-            '?',
-        default: false
-    }
-];
-
-var done = this.async();
-
-inquirer.prompt(questions, function(answers) {
-    if (!answers.review || !answers.tests || !answers.publish) {
-        console.log('Please publish bower after you fix this issue');
-
-        process.exit(1);
-    }
-
-    console.log(
-        '\nPlease remember to tag this release, and add a release with changelog on Github!'
-    );
-    console.log(
-        '\nAlso, please remember to test published Bower one more time!'
-    );
-    console.log(
-        '\nYou can promote this bower release with "npm dist-tag add bower@' +
-            jsonPackage.version +
-            ' latest'
-    );
-    console.log('\nPublishing Bower...');
-
-    childProcess.execSync('npm publish --tag beta', {
-        cwd: dir,
-        stdio: [0, 1, 2]
-    });
-
-    done();
-});
+console.log('All done!')
+console.log('You need to publish prerelease and release manually:')
+console.log('')
+console.log('- cd ' + dir)
+console.log('- npm publish --tag beta')
+console.log('- npm dist-tag add bower@' + jsonPackage.version + ' latest')

test/commands/install.js

@@ -692,7 +692,7 @@ describe('bower install', function() {
         });
     });
 
-    it('recognizes proxy option in config', function(done) {
+    it('recognizes proxy option in config', function() {
         this.timeout(10000);
 
         tempDir.prepare({
@@ -722,7 +722,6 @@ describe('bower install', function() {
             ])
             .fail(function(error) {
                 expect(error.message).to.equal('Status code of 500');
-                done();
             });
     });